diff options
| author | Tim Graham <timograham@gmail.com> | 2015-08-03 16:27:49 -0400 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2015-08-05 08:15:30 -0400 |
| commit | 6f6043fd26a83bd0625ce34e1f64a1663fec26db (patch) | |
| tree | dd911c2cb3fd15236e08ee29076e52ee519dc907 /docs/topics/security.txt | |
| parent | df05495e8c57be54d411a09e532d6d0a47208ed4 (diff) | |
[1.8.x] Fixed #25212 -- Documented the RawSQL expression.
Backport of 97fa7fe961f961b6c93a11b50a7a1ed35c8bce8d from master
Diffstat (limited to 'docs/topics/security.txt')
| -rw-r--r-- | docs/topics/security.txt | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/docs/topics/security.txt b/docs/topics/security.txt index 6eab39efed..3d535bb85e 100644 --- a/docs/topics/security.txt +++ b/docs/topics/security.txt @@ -94,7 +94,8 @@ write :ref:`raw queries <executing-raw-queries>` or execute :ref:`custom sql <executing-custom-sql>`. These capabilities should be used sparingly and you should always be careful to properly escape any parameters that the user can control. In addition, you should exercise caution when using -:meth:`extra() <django.db.models.query.QuerySet.extra>`. +:meth:`~django.db.models.query.QuerySet.extra` and +:class:`~django.db.models.expressions.RawSQL`. Clickjacking protection ======================= |
